Latest news with #dataprivacy
CBC
3 days ago
- Politics
- CBC
N.L. privacy commissioner investigating government response to school cyberattack
The province's information and privacy commissioner is investigating a security breach that saw hackers steal the private information of nearly 300,000 current and former students and teachers in Newfoundland and Labrador. In a news release sent Friday afternoon, Privacy Commissioner Kerry Hatfield said part of that investigation will look at whether the Education Department has taken enough action in the wake of the PowerSchool attack to make sure it doesn't happen again. "Before launching this investigation I felt it was appropriate to give the department sufficient time to assess the impact of the breach, notify those who were impacted, and take steps to adjust its policies and practices," she said in the release. "It has now had ample opportunity to do so." The late-December cyberattack struck PowerSchool, the data management software used by the English, French and Indigenous school systems — along with other school districts across North America. According to the Education Department, on Dec. 28 hackers stole the information of approximately 271,000 students and 14,400 teachers across Newfoundland and Labrador's English, French, and Indigenous school systems. The stolen data includes contact information, date of birth, MCP numbers, medical alert information, custodial alert information, some social insurance numbers and other related information. Some of that data dates back to 1995. The department said about 75 per cent of the stolen student data belongs to people who are no longer in the K-12 system. The company offered two years of free identity and credit monitoring to any of the victims, and has since hired Experian and TransUnion to provide those services. "The purpose of my investigation is not only to assess whether the department has responded adequately to the breach, but also to ensure that measures taken by the department to prevent future occurrences of this nature are sufficient," said Hatfield. "People have a right to expect that when a public body collects their sensitive personal information that it will do so in accordance with the law."
CNA
23-05-2025
- Politics
- CNA
Stricter US border controls prompt business travel rethink
When Alexander, an Asian research scientist at a top US university, was getting ready for a work trip to Brazil, his preparations took an unusual turn — he consulted his lawyer, brought along a burner phone and carried a blank laptop. Once his work was complete, he uploaded his data to the cloud then scrubbed the machine clean before flying home. 'I was advised to keep zero data on my devices,' he said. It was 'extraordinarily disruptive'. With Donald Trump back in the White House, many corporate executives, academics and government officials in Europe and elsewhere are approaching trips to the US with a level of caution more often associated with higher-risk jurisdictions such as China and some countries in the Middle East. Stricter immigration enforcement and more aggressive border screenings — which can include searching and even copying data from travellers' devices and, at times, denying entry — are prompting organisations to reassess the risks and protocols around even routine work travel. Contacts, emails, messages and social media posts could be subject to inspection, immigration lawyers said. Under the Trump administration, the number of border searches for January to mid-May have already surpassed those recorded in the first half of 2024 — up 10 per cent year on year — according to US Customs and Border Protection, the federal agency. Alexander, who, like other individuals that contributed to this article, asked to remain anonymous due to security concerns, is emblematic of the shift. 'I'm an immigrant, not a US citizen, working on climate change, meeting stakeholders such as labour unions and academics in Brazil, a country led by a leftwing government . . . All of this can be turned against you,' he said. Officials at his university, wary of a potential backlash from the Trump administration, said they would not provide legal aid should he encounter problems at the border, and advised him not to leave the country. The legal counsel he personally hired gave a stark warning, telling him border agents were in the mode of: 'Find me the man and we'll find the crime.' The uncertainty follows Trump's Jan 20 executive order, which aimed to put in place additional vetting and screening processes for foreigners seeking entry to the US and those already based there. It also laid the groundwork for new travel restrictions and a review of existing visas. Assistant commissioner Hilton Beckham at the US Customs and Border Protection told the FT: 'CBP's search numbers are consistent with increases since 2021, and less than 0.01 per cent of travellers have their devices searched . . . Claims that CBP is searching more electronic media due to the administration change are false.' She said searches played a 'critical' national security role and 'allegations that political beliefs trigger inspections or removals are baseless and irresponsible'. Yet, US universities including Duke and Columbia are among those advising international staff and students not to leave the country unless absolutely necessary. This followed a series of detentions and deportations that have rattled confidence — even among people holding valid visas or green cards. Last month US secretary of state Marco Rubio stated the pro-Palestinian activist and Columbia University graduate Mahmoud Khalil is deportable specifically because of his 'beliefs, statements or associations' that would compromise US foreign policy interests. The European Commission has issued burner phones and basic laptops to some US-bound staff to avoid the risk of espionage. The Financial Times reported that commissioners and senior officials travelling to the IMF and World Bank spring meetings last month were given the new guidance. Companies are also taking swift action: Many are seeking fresh legal advice for employees travelling to the US for work. Others are altering plans and, in some cases, advising against travel. Elizabeth Nanton, US immigration practice leader and partner at KPMG Law in Canada, said even though the vast majority of travellers were not encountering any issues, companies were preparing US-bound staff for potential questioning and advising them what to do if their devices were searched. Clients are asking 'what could happen, what might they expect'. She said several clients were re-evaluating their IT policies to scrutinise what data staff should be carrying on their devices. No matter how many times a non-US citizen has entered the country, companies should treat each case as 'a new determination of admissibility', Nanton added. She has been advising companies to work with immigration specialists on a case-by-case basis for US travel. Some companies are updating their travel guidance for the US, although there is wariness about publishing specific directives as they do not want to draw attention from Trump administration officials. One UK-based investor at a large asset manager said staff had been told to 'exercise significant caution' when taking their personal mobile phones into the US. 'Are you telling me business travel to the US is now the same as going to China?' he said. One pharmaceuticals industry executive based in New York said some large companies in the sector were not sending people to the US, especially if they thought they were likely to get stopped at the border because they were 'brown, Muslim or Chinese'. A London-based corporate executive said their firm was encouraging staff to apply for Global Entry, the US programme that speeds up border checks for vetted travellers. Meanwhile, some US technology companies are urging foreign staff to carry extensive personal documentation, including marriage certificates, rental agreements and payslips to ease re-entry. Online forums such as Reddit are filled with advice to, for example, delete social media apps and avoid storing any politically sensitive content on your phone. Since the Jan 20 executive order, the UK and German governments have updated travel advice with tougher wording, warning citizens that even minor infractions could lead to detention. 'The authorities in the US set and enforce entry rules strictly. You may be liable to arrest or detention if you break the rules,' the UK says. One lawyer at a British firm with US business interests said while these rules had always been in place, they were now more regularly enforced, which is why UK and German authorities had tweaked their travel guidance. 'The odds [of facing any trouble] are still fairly low,' said the lawyer. 'For businesses day-to-day, the focus is on digital devices. Federal authorities have long been able to seize, search and copy the information that is on your device.' The shift is starting to drip through to business travel bookings. Air France-KLM and Lufthansa have reported signs of weakening demand on transatlantic routes among European passengers. 'There is a definite deceleration in business travel bookings,' said Henry Harteveldt, a travel industry analyst. 'Various airlines tell me they are seeing 'slight' or 'modest' deceleration in their future business travel bookings, including US domestic, within Europe, and in both directions between Europe and the US.' He said reasons for this included weakening economies, which typically trigger a cutback in business travel, 'as well as concerns among international business travellers regarding possible problems entering the US'. Harteveldt observed there was a 'noticeable concern among corporate travel managers about international inbound travel to the US'. Alexander, the research scientist, is already thinking about the preparations he will have to make for his next business trip, this time to the UK. 'I have to do the exact same thing again,' he said. By Anjli Raval. Additional reporting by Hannah Kuchler and Philip Georgiadis © 2025 The Financial Times.
Yahoo
22-05-2025
- Politics
- Yahoo
Arkansas shares certain SNAP applicant numbers with federal government
Gov. Sarah Huckabee Sanders (left) and USDA Sec. Brooke Rollins in April. (Ainsley Platt/Arkansas Advocate) The Arkansas Department of Human Services is providing the U.S. Department of Agriculture with data on the number of certain SNAP program applicants, following a sweeping demand from the government earlier this month. A DHS spokesperson did not confirm or whether the agency would share more sensitive data in the future. The data-sharing was initially confirmed in emails provided to the Advocate through an Arkansas Freedom of Information Act request, and then by a DHS spokesperson, who said none of the information shared thus far was personally identifiable. A USDA official sent a letter to states on May 6, stating they would need to provide USDA with a trove of personally-identifiable information on Supplemental Nutrition Assistance Program recipients, such as names, addresses and Social Security numbers — data not typically shared with USDA as part of the SNAP program. USDA directed states to provide '[r]ecords sufficient to identify individuals as applicants for, or recipients of, SNAP benefits, including but not limited to personally identifiable information in the form of names, dates of birth, personal addresses used, and Social Security numbers,' along with detailed payment data to show how much a recipient has received in benefits. The request is for data dating back to Jan. 1, 2020. Advocates for child well-being call for removal of barriers to Arkansas SNAP participation Failure to provide the data or give permission for third-party data processors to do so could trigger 'noncompliance procedures,' the letter continued. In an email to two members of Gov. Sarah Huckabee Sanders' communications team, DHS spokesperson Gavin Lesnick wrote on May 9: 'One more for you — a reporter with the Washington Post reached out below about a new requirement for all states to share SNAP data with USDA. We are in the process of providing this data.' However, in response to questions from the Advocate, Lesnick said the data provided by the department was not personally identifiable. 'The Arkansas Department of Human Services (DHS) began sharing data last week detailing the number of disqualified and sanctioned SNAP applicants so far this year,' Lesnick wrote in an emailed statement. 'This dataset did not include any personal information.' SNAP data is 'stored by DHS' but is also provided to a third-party vendor to produce the program's EBT cards, Lesnick said. When asked to clarify whether DHS had plans to share the broader trove of personally identifiable information requested by USDA in the future, Lesnick did not directly answer the question. 'DHS plans to provide USDA any data requested that supports efforts to ensure program integrity,' he said. 'We take seriously our responsibility to safeguard sensitive data, and will ensure any information submitted to USDA is provided safely and securely. Questions about specific data types or future requests should be directed to USDA.' SUBSCRIBE: GET THE MORNING HEADLINES DELIVERED TO YOUR INBOX The statement Lesnick provided to the Washington Post reporter earlier this month said: 'The Arkansas Department of Human Services is fully committed to efforts to detect and prevent fraud, waste, and abuse in all programs, including the Supplemental Nutrition Assistance Program (SNAP). We look forward to continuing our partnership with the U.S. Department of Agriculture's Food and Nutrition Service to ensure that SNAP benefits go only to eligible families.' The May 6 letter was prompted by a March executive order from President Donald Trump called 'Stopping Waste, Fraud, and Abuse by Eliminating Information Silos,' which directed officials to take all steps necessary 'to the maximum extent consistent with law,' to obtain access to data necessary to root out 'waste, fraud, and abuse.' It also directed federal agencies to take steps to gain 'unfettered access to comprehensive data from all State programs that receive Federal funding, including, as appropriate, data generated by those programs but maintained in third-party databases.' The USDA letter said that 'At present, each State, district, territory, and payment processor is a SNAP information silo.' USDA requires 'unfettered access' to the data held by states and third-party processors, the letter said, to eliminate inefficiencies and fraud in accordance with Trump's executive order. However, privacy advocates have raised alarms over the demand, sending letters to third-party data processors used by states urging them not to comply. States Newsroom has reported on efforts by the so-called Department of Government Efficiency to consolidate personally identifiable information from various government databases, potentially in violation of privacy laws. Some states, such as New Mexico, have refused USDA's demand on privacy grounds. Others, like Iowa and Alaska, have complied. As of March, 235,927 people in Arkansas received SNAP benefits, the Advocate previously reported — approximately 7.6% of the state population. As reported by NPR, the personal data of SNAP recipients normally remains under the control of states, while USDA is able to audit state programs. SUPPORT: YOU MAKE OUR WORK POSSIBLE
CTV News
21-05-2025
- CTV News
41 Alberta schools under investigation regarding PowerSchool breach: Privacy commissioner
Court documents allege PowerSchool, a company that manages a student information system, violated the trust of users and did not adequately protect their information. (File)
Irish Times
21-05-2025
- Business
- Irish Times
Google reassures EU cloud users amid concern over Trump threat
Google is beefing up its 'sovereign cloud' options in the EU, as US tech companies move to reassure the continent's users that their access to crucial technology will be safeguarded at a time of escalating trade tensions with Donald Trump. The Silicon Valley giant provides cloud computing offerings in Europe that ensures sensitive information remains on local servers and adheres to EU laws on data privacy. Google told the Financial Times on Wednesday it was broadening these so-called sovereign cloud options, including a new 'data shield' that provides additional cyber security protections to European clients. The US tech company also said it would work with local partners in sensitive industries, such as the French defence electronics group Thales, to better ensure it complies with tougher data protection requirements for those sectors. Google said it would also launch a similar arrangement in Germany soon. READ MORE The move comes as European groups raise concerns that the Trump administration could use the continent's reliance on digital infrastructure from US Big Tech groups as leverage in trade talks. Without naming Mr Trump directly, Hayete Gallot, Google's president of customer experience, said global tensions were 'creating anxiety in the world' and customers were 'looking for options to manage their business.' 'Sovereignty used to be a very niche thing, that applied to very regulated industries, such as defence and intelligence,' Ms Gallot said. 'And suddenly in the current environment, everybody is thinking about it.' US hyperscalers such as Amazon, Microsoft and Google dominate the European cloud market, while European providers such as the France's OVHcloud argue the tech sovereignty push is driving growth. Ms Galott said its new cloud offerings in Europe are built on existing solutions and infrastructure. For example, its existing Google Cloud Data Boundary offering already gives customers more control over where their content is stored and processed. A new user data shield provides extra security testing for customer applications, it said. For defence, intelligence and other sensitive sectors, Google also said it provided an 'air-gapped' solution, which means a client's data does not have to be connected to other networks. Ms Galott said she wanted 'to reassure' European customers about their 'requirements and expectations that they have around sovereignty and we are here to provide a layered set of that our customers can operate and then their customers can benefit from it.' The move echoes a recent announcement by Microsoft, the first large American cloud computing business to try to reassure European customers last month. The Seattle-based company pledged a series of 'digital commitments' to Europe, such as a promise to contest any government order to cease cloud services to European customers including through the courts. – Copyright The Financial Times Limited
